diff --git a/changelogs/fragments/10910.yml b/changelogs/fragments/10910.yml
new file mode 100644
index 000000000000..f53d2d4841d0
--- /dev/null
+++ b/changelogs/fragments/10910.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2025-59343] Bump tar-fs from 2.1.3 to 2.1.4 and from 3.1.0 to 3.1.1 ([#10910](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/10910))
\ No newline at end of file
diff --git a/packages/osd-opensearch/package.json b/packages/osd-opensearch/package.json
index d1d2cfa45468..50c3499d796c 100644
--- a/packages/osd-opensearch/package.json
+++ b/packages/osd-opensearch/package.json
@@ -23,7 +23,7 @@
 "glob": "^7.1.7",
 "node-fetch": "^2.6.7",
 "simple-git": "^3.16.0",
- "tar-fs": "^2.1.3",
+ "tar-fs": "^2.1.4",
 "tree-kill": "^1.2.2",
 "yauzl": "^2.10.0"
 },
diff --git a/packages/osd-test/package.json b/packages/osd-test/package.json
index 08919c808009..7e3b6deb6d86 100644
--- a/packages/osd-test/package.json
+++ b/packages/osd-test/package.json
@@ -36,7 +36,7 @@
 "parse-link-header": "^2.0.0",
 "rxjs": "^6.5.5",
 "strip-ansi": "^6.0.0",
- "tar-fs": "^2.1.3",
+ "tar-fs": "^2.1.4",
 "xml2js": "^0.5.0",
 "zlib": "^1.0.5"
 }
diff --git a/yarn.lock b/yarn.lock
index cdda3be5b80a..51e6f109fe5b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -26138,10 +26138,10 @@ tape@^5.0.1: string.prototype.trim "^1.2.5" through "^2.3.8" -tar-fs@^2.1.3: - version "2.1.3" - resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.3.tgz#fb3b8843a26b6f13a08e606f7922875eb1fbbf92" - integrity sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg== +tar-fs@^2.1.4: + version "2.1.4" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.4.tgz#800824dbf4ef06ded9afea4acafe71c67c76b930" + integrity sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ== dependencies: chownr "^1.1.1" mkdirp-classic "^0.5.2"
@@ -26149,9 +26149,9 @@ tar-fs@^2.1.3: tar-stream "^2.1.4" tar-fs@^3.0.8, tar-fs@^3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.1.0.tgz#4675e2254d81410e609d91581a762608de999d25" - integrity sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w== + version "3.1.1" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.1.1.tgz#4f164e59fb60f103d472360731e8c6bb4a7fe9ef" + integrity sha512-LZA0oaPOc2fVo82Txf3gw+AkEd38szODlptMYejQUhndHMLQ9M059uXR+AfS7DNo0NpINvSqDsvyaCrBVkptWg== dependencies: pump "^3.0.0" tar-stream "^3.1.5"